Add basic tests for Android intents as flow sources

Author: smowton

java/ql/test/experimental/query-tests/security/CWE-927/AndroidManifest.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:versionCode="1"
+    android:versionName="1.0"
+    package="com.example.myapp">
+
+    <!-- Beware that these values are overridden by the build.gradle file -->
+    <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="26" />
+
+    <application
+        android:allowBackup="true"
+        android:icon="@mipmap/ic_launcher"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:label="@string/app_name"
+        android:supportsRtl="true"
+        android:theme="@style/AppTheme">
+
+        <!-- This name is resolved to com.example.myapp.MainActivity
+             based upon the package attribute -->
+        <activity android:name=".IntentSources">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+
+        <activity
+            android:name=".DisplayMessageActivity"
+            android:parentActivityName=".MainActivity" />
+    </application>
+</manifest>
+
+<!--
+/*
+ *  This file is licensed under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+-->

java/ql/test/experimental/query-tests/security/CWE-927/ExecTainted.qlref

@@ -0,0 +1 @@
+Security/CWE/CWE-078/ExecTainted.ql

java/ql/test/experimental/query-tests/security/CWE-927/IntentSources.java

@@ -0,0 +1,37 @@
+package com.example.myapp;
+
+import android.app.Activity;
+
+public class IntentSources extends Activity {
+
+	public void test() {
+
+		String trouble = this.getIntent().getStringExtra("key");
+		Runtime.getRuntime().exec(trouble);
+
+	}
+
+	public void test2() {
+
+		String trouble = getIntent().getStringExtra("key");
+		Runtime.getRuntime().exec(trouble);
+
+	}
+
+	public void test3() {
+
+		String trouble = getIntent().getExtras().getString("key");
+		Runtime.getRuntime().exec(trouble);
+
+	}
+
+}
+
+class OtherClass {
+
+	public void test(IntentSources is) {
+		String trouble = is.getIntent().getStringExtra("key");
+		Runtime.getRuntime().exec(trouble);
+	}
+
+}

java/ql/test/experimental/query-tests/security/CWE-927/options

@@ -0,0 +1 @@
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/google-android-9.0.0